State Sponsored Malware Takes Over Mars Rover

Kaspersky has done it again! This company deserves recognition in the cyber-hall-of-fame for their discoveries of the most amazing pieces of malware ever to come into light.

Let us forget the history and fact that Stuxnet code was made readily available to the world at large and at this time of writing, has been downloaded 10,127 times from ONE site alone. [1] Never fear, no one else downloaded the code, modified it to their liking and redistributed it. That could never be the case, it has to be state sponsored.

Guess this makes the new buzzword "state sponsored" for media. Media that brashly ignores too many facts. Far better to fire off an article within minutes to drive traffic to one's site than it is to fact check. Now, before I get ahead of myself and you, I must tell you that it must be more thrilling for "state sponsors" such as the United States Government and their military/contractors/agencies to cobble together bloated worms, viruses and malware in an effort to obtain financial information.

Think about that for a minute. Imagine the rush of infecting hundreds of machines for the sake of "weeding out terrorism" as opposed to using exiting methods such as SWIFT [2], or, providing companies like Mastercard, Visa, Paypal and others with National Security Letters telling them to give the same financial information.

The rush of analysts having to sort through millions of scattered transactions versus having a detailed and verified list of what financial transaction transpired in any geographical region. Don't know about you, but I know this "state sponsored" cyberwarfare route is where it's at!

Some of you will read this wondering "gee that makes sense" but will still follow the FUD and diatribe coming from companies like Kaspersky. It is far more sexier and intriguing than to simply look at it for what it is, targeted phishing. Targeted phishing though is not headline grabbing.

I cannot phathom any reader coming to my website for: "Targeted Malware Attacks Middle East" but I can tell you right now that I WILL get a plethora of visitors by giving my article a cool title. "State Sponsored Malware Takes Control Over Mars Rover." What does this article have to do with Mars Rover? Absolutely nothing, but I did made you read this didn't I. Just sounds juicy.

Writers at many of these security companies know what they're doing with this "spiel" they call "analysis". Wording is purposefully crafted to generate attention. The reality is, on a bare logical level, it all eventually collapses.

Little talked about Fact on Stuxnet: Its C&C was housed on server (78.111.169.146,193.195.161.220) with known ties to all sorts of RBN scamsters not to mention its main C&C was a gambling site. Am I to believe that the United States went through all this trouble for this super secretive program, then chanced operation security of the program by placing a C&C on a server with criminals? Are people "that" naive to buy into that?

Flame: 20+ megabytes of bloat. Seriously? Enter Gauss... More drivel.

Companies need to watch their wording. State sponsored means absolutely nothing at this point. Companies like Kaspersky, F-Secure, Mandiant and others have oversensationalized this term in order to push their agendas. Nothing more, nothing less.

While I applaud the efforts by the researchers, I also know factually from experience, many companies will omit many details and shift-slash-skew agendas to meet their concerns. Those concerns will ALWAYS be financial ones. Wish I had the money to purchase Kaspersky software. At this point it is obvious that they and only they are capable of detecting the unseen, unheard of, undetectable, uberfilthware capable of infecting Curiousity on Mars.

Mikko Jakonen
Man, I thought this was gaming site for C&C (Command & Conquer), perhaps Red Alert with expansion pack to play SKIRMISH, but no...

1344893885

The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.